<format>
	<id company="Microsoft" name="Windows Event Log"></id>
	<description>Returns events from the Windows Event Log and from Event Log backup files (.evt files). It supports access to remote event logs.</description>
	
	<logparser>
		<patterns>
			<pattern>*.evt</pattern>
		</patterns>

		<input name="EVT">
			<param name="fullEventCode">True</param>
		</input>

		<fields-config>
			<field name='Time'>TO_DATETIME(TimeGenerated, DEFAULT_DATETIME_FORMAT())</field>
			<field name='Body'>Message</field>
			<field name='Event ID'>EventID</field>
			<field name='Source Name'>SourceName</field>
			<field name='Computer Name'>ComputerName</field>
			<field name='Event Log'>EventLog</field>
			<field name='Category'>EventCategoryName</field>
			<field name='Severity' code-type='function'>
switch (EventType)
{
case "1":
case "16":
	return Severity.Error;
case "2":
	return Severity.Warning;
default:
	return Severity.Info;
}
			</field>
		</fields-config>
	</logparser>
</format>